Sarai Hannah Ajai Suspected Unauthorized Interference With Apple Mac Mini Files, Local Application Project Folders, GitHub Desktop Repository Working Trees, and Original Software / Business Intellectual Property Materials

 Incident Report

Subject

Suspected Unauthorized Interference With Apple Mac Mini Files, Local Application Project Folders, GitHub Desktop Repository Working Trees, and Original Software / Business Intellectual Property Materials

Reporting Party: Sarai Hannah Ajai
Date of Discovery: May 27, 2026
Approximate Time of Discovery: 3:30 PM
Evidence Screenshot Timeframe: May 28, 2026, approximately 12:18 AM through 12:21 AM
Device Involved: Apple Mac Mini
Affected Local Project Repositories / Web Applications:

1. VaultInbox_0.0.1a
2. AccouNetrics_IvoteBallot_Prototype_v0.0.5

Primary Evidence Type: GitHub Desktop screenshots showing substantial repository working-tree changes, including red minus indicators, changed file counts, and repository history panels.

---

I. Executive Summary

On May 27, 2026, at approximately 3:30 PM, I, Sarai Hannah Ajai, discovered what I believe to be a serious suspected unauthorized file-interference incident involving my Apple Mac Mini, my local Finder folders, and my active GitHub Desktop repositories for VaultInbox.Cloud and AccouNetrics / iVoteBallot.

Upon reviewing my Apple Finder environment and GitHub Desktop, I discovered that approximately 480 filesappeared to have been placed into or associated with the Trash folder. These files appeared to come from multiple folders, including active software project directories and business-documentation folders associated with VaultInbox_0.0.1a and AccouNetrics_IvoteBallot_Prototype_v0.0.5.

The uploaded screenshots show that GitHub Desktop detected large working-tree changes in both repositories. The AccouNetrics_IvoteBallot_Prototype_v0.0.5 repository showed 66 changed files. The VaultInbox_0.0.1arepository showed 69 changed files. Many visible entries appear with red minus indicators, which are consistent with files being missing from the local working directory when compared with the repository’s last tracked state.

I did not intentionally move these files into the Trash. I did not authorize any person to access, control, copy, move, delete, alter, mirror, clone, or otherwise interfere with my Apple Mac Mini, my Finder folders, my GitHub Desktop repositories, my software projects, my database files, my investor materials, my business plans, or my intellectual property records.

This report is submitted as a preservation-oriented incident record concerning suspected unauthorized access, suspected file movement, suspected repository working-tree interference, suspected evidence disruption, and suspected intellectual property interference. I request technical review, account review, repository review, file-system review, device review, and preservation of all related logs and records.

---

II. Background and Context

I am the creator and owner of multiple original software and business projects, including VaultInbox.Cloud, AccouNetrics, and iVoteBallot. These projects contain original software code, database structures, route files, authentication workflows, security logic, business plans, investor materials, pricing models, presentation decks, diagrams, screenshots, technical documents, and related intellectual property materials.

The affected repositories are not casual storage folders. They are active development environments and business-documentation repositories. They contain materials related to software design, business planning, investor communications, prototype development, database modeling, security workflows, and application testing.

Because these repositories are connected to GitHub Desktop, unexpected local file movement can appear as changed, deleted, modified, or added files in GitHub Desktop. Therefore, when a large number of files suddenly appeared in GitHub Desktop as changed, including many red minus indicators, I became concerned that the local working folders had been altered without my consent.

I am documenting this incident because the number of affected files, the types of affected files, the two separate project repositories involved, and the apparent Finder Trash activity are all highly concerning to me.

---

III. Summary of Exhibit Review

Exhibit A1 — AccouNetrics / iVoteBallot Repository: 66 Changed Files

Exhibit A1 shows GitHub Desktop open to the repository:

AccouNetrics_IvoteBallot_Prototype_v0.0.5

The screenshot shows:

• Current branch: main
• GitHub Desktop “Changes” tab selected
• 66 changed files
• Multiple files listed with red minus indicators
• Affected visible file categories include:
• AccouNetrics business plan materials
• Executive summary documents
• company description documents
• financial statement / spreadsheet materials
• financial projections
• market analysis documents
• tenant-harassment-related report documents
• contract documents
• business planning records

The red minus indicators shown beside many files are consistent with GitHub Desktop detecting that those files are no longer present in the local working tree where Git expected them to remain. The screenshot alone does not prove who caused the file-state change, but it does preserve evidence that the repository had a large number of local changes requiring review.

---

Exhibit A2 — AccouNetrics / iVoteBallot Repository History

Exhibit A2 shows the same AccouNetrics_IvoteBallot_Prototype_v0.0.5 repository in GitHub Desktop with the “History” tab selected.

The visible selected commit is titled:

“AccouNetrics: close P1 timestamp source verification, validate UUID-auth regression evidence, and add authenticated account navigation follow-up”

The screenshot shows:

• Repository history exists for prior AccouNetrics development work.
• The selected prior commit contains 11 changed files.
• The visible file list includes database files and local project records.
• The selected commit appears to relate to timestamp verification, UUID authentication regression evidence, and authenticated account navigation follow-up.

This exhibit is relevant because it helps show that the repository had an existing development history and a prior tracked project state before the later large working-tree change set appeared.

---

Exhibit B1 — VaultInbox Repository: 69 Changed Files, Business Plan and Diagram Materials

Exhibit B1 shows GitHub Desktop open to:

VaultInbox_0.0.1a

The screenshot shows:

• Current branch: main
• GitHub Desktop “Changes” tab selected
• 69 changed files
• Multiple files listed with red minus indicators
• Visible affected file categories include:
• .DS_Store
• VaultInbox business plan documents
• market analysis documents
• ownership / non-assignment / cease-false-claims document
• delivery-comparison documents
• business plan files
• cookies file
• MFA diagram files
• inbox authentication diagram files
• README / text files
• investor materials

This exhibit is important because it shows a substantial number of changed files in the VaultInbox repository, including business documentation and security-design diagrams.

---

Exhibit B2 — VaultInbox Repository: Architecture, Public Assets, Routes, and Services

Exhibit B2 continues the VaultInbox changed-file list and shows additional visible files affected within the same 69-file change set.

The visible affected categories include:

• investor narrative plan materials
• public .DS_Store
• public image asset files
• README file
• routes/mailboxRoutes.js
• screenshot evidence file
• services/certificateService.js
• VaultInbox architecture diagrams
• PDF and PNG architecture exports
• business partner test logo images
• presentation files

This exhibit is important because it shows that the changed-file set was not limited to one type of document. It included software route files, service-layer files, public assets, diagrams, screenshots, and project documentation.

---

Exhibit B3 — VaultInbox Repository: Logo, Photo, and Presentation Assets

Exhibit B3 continues the VaultInbox changed-file list and shows additional affected materials, including:

• VaultInbox logo image files
• logo preview files
• watermark files
• SVG logo files
• YouTube branding image files
• photo-generation images
• professional portrait image
• presentation screenshots and slide-deck materials
• investor deck materials

This exhibit is relevant because it shows apparent changes involving branding, image, presentation, and investor-related materials.

---

Exhibit B4 — VaultInbox Repository: Presentation Decks and Product Demo Materials

Exhibit B4 shows another portion of the VaultInbox 69-file change set, including:

• VaultInbox presentation files
• investor deck files
• matched-style overlay presentation files
• pitch deck PDFs
• pitch deck PPTX files
• product demo page files
• user workflow presentation materials
• desk manual document

This exhibit is relevant because it shows the affected file set includes business-presentation and investor-presentation materials that may have intellectual property, business planning, and ownership significance.

---

Exhibit B5 — VaultInbox Repository History and Prior MFA Stabilization Commit

Exhibit B5 shows the VaultInbox_0.0.1a repository in the GitHub Desktop “History” tab.

The selected commit is titled:

“People Operations Employee Portal MFA Stabilization, Stable-Key TOTP Rebuild, Valid Browser MFA Verification, and Deferred Session-Level MFA Gate Enforcement”

The screenshot shows:

• The selected commit was made by Sarai Hannah Ajai.
• The commit appears approximately 6 days prior.
• The right panel shows 10 changed files in that commit.
• Visible files include:
• db/vaultinbox.sqlite
• db/vaultinbox.sqlite-shm
• db/vaultinbox.sqlite-wal
• routes/employeeMfaRoutes.js
• MFA diagnostic and code-generation scripts
• MFA reset / rebuild scripts
• documentation files

This exhibit is relevant because it shows recent normal development history for the VaultInbox project, specifically involving People Operations, Employee Portal MFA stabilization, stable-key TOTP work, browser MFA verification, and deferred session-level MFA gate enforcement.

---

IV. Incident Timeline

A. Discovery of Suspected File Interference

Date: May 27, 2026
Approximate Time: 3:30 PM

On May 27, 2026, at approximately 3:30 PM, I discovered that a large number of files appeared to have been placed into or associated with the Apple Finder Trash folder. Based on my review, approximately 480 files appeared to be involved.

The files appeared to come from numerous folders, including active folders related to:

1. VaultInbox_0.0.1a
2. AccouNetrics_IvoteBallot_Prototype_v0.0.5
3. business plan records
4. investor records
5. architecture records
6. presentation records
7. database records
8. route files
9. service files
10. image assets
11. diagram files
12. supporting project documentation

I did not intentionally place these files in the Trash. I did not authorize any person to move, delete, copy, alter, or interfere with those files.

---

B. GitHub Desktop Evidence Showing Repository Working-Tree Changes

After discovering the suspected Finder Trash issue, I reviewed GitHub Desktop. GitHub Desktop showed large change sets in both affected repositories.

For AccouNetrics_IvoteBallot_Prototype_v0.0.5, GitHub Desktop showed 66 changed files.

For VaultInbox_0.0.1a, GitHub Desktop showed 69 changed files.

The screenshots show red minus indicators beside numerous files. In GitHub Desktop, red minus indicators commonly show that a file is being treated as deleted or missing from the local working directory compared with the repository’s tracked state.

This evidence caused me to believe that the files were not merely moved in Finder in a harmless manner, but that the movement affected the local Git working-tree state for active software repositories.

---

C. AccouNetrics / iVoteBallot Files Shown as Affected

The AccouNetrics / iVoteBallot evidence shows that files associated with business planning, financial planning, contracts, company descriptions, executive summaries, market analysis, and other materials appeared in the changed-file list.

Examples of visible affected categories include:

• seed-funding contract document
• AccouNetrics business plan executive summary
• iVoteBallot business plan executive summary
• company description materials
• financial statement spreadsheet
• financial projections
• market analysis
• tenant-harassment-related report documents
• business strategy materials

Because AccouNetrics and iVoteBallot are original project concepts and business-development records created and maintained by me, the apparent file-state change creates concern about unauthorized access to original business records and intellectual property materials.

---

D. VaultInbox.Cloud Files Shown as Affected

The VaultInbox evidence shows that GitHub Desktop detected changed files across multiple categories, including software, business, architecture, investor, branding, image, diagram, and presentation materials.

Examples of visible affected categories include:

• VaultInbox business plan files
• market analysis files
• investor narrative plans
• investor deck files
• pitch deck files
• product demo files
• architecture diagrams
• MFA diagrams
• inbox authentication diagrams
• public image assets
• logo files
• route files
• service files
• database files
• screenshot evidence files
• certificate-service file
• README and documentation files

Because VaultInbox.Cloud is an active software platform under development, changes to route files, service files, database files, architecture documents, and security-related diagrams raise serious concern regarding project integrity, chain-of-custody, and preservation of development evidence.

---

E. Concern Regarding Unauthorized Mirroring, Cloning, or Remote Access

Based on the apparent Finder Trash activity, the large repository working-tree change sets, and the presence of many red minus indicators in GitHub Desktop, I became concerned that my Apple Mac Mini may have been accessed, mirrored, cloned, remotely controlled, synchronized improperly, or otherwise interfered with by unknown person(s).

I cannot independently determine from the screenshots alone whether the technical cause was unauthorized remote access, account compromise, malicious file movement, Finder-level user action by another person, cloud synchronization issue, repository path change, local disk issue, Git index issue, or some other cause.

However, I can state that:

1. I discovered the issue suddenly.
2. I did not intentionally move these files into the Trash.
3. I did not authorize another person to access or alter the files.
4. GitHub Desktop displayed large change sets in two separate repositories.
5. The affected files included software-development and business-intellectual-property materials.
6. The incident caused me substantial distress and concern regarding unauthorized access and preservation of evidence.

---

V. Legal and Investigative Concerns

This section is not a final legal conclusion. It identifies potential legal and investigative categories that may be relevant if later forensic review, account review, GitHub review, Apple review, or law-enforcement review confirms unauthorized access, copying, alteration, file movement, credential misuse, repository interference, or data access.

1. Unauthorized Computer Access Concern

If a later technical review confirms that any person accessed my Apple Mac Mini, local files, GitHub Desktop repositories, or project folders without authorization, federal computer-access law may be relevant. The Computer Fraud and Abuse Act includes provisions addressing unauthorized access to protected computers and unauthorized conduct causing damage or loss. (U.S. Code)

2. Stored Communications / Cloud-Sync Concern

If a later review confirms unauthorized access to cloud-stored communications, cloud-synced project folders, account-linked storage, or other electronic communication storage, stored-communications law may be relevant. Federal law addresses intentional unauthorized access to facilities through which electronic communication service is provided where the conduct obtains, alters, or prevents authorized access to communications in electronic storage. (Department of Justice)

3. Interception / Monitoring Concern

If a later review confirms interception, monitoring, redirection, or unauthorized capture of electronic communications related to my device, accounts, repositories, or project activity, federal interception law may warrant review. Federal law prohibits intentional interception or attempted interception of wire, oral, or electronic communications except where legally authorized. (Legal Information Institute)

4. Copyright and Original Works Concern

The affected materials include original documents, software-project records, diagrams, presentations, business plans, images, and other authored materials. Federal copyright law protects original works of authorship fixed in a tangible medium of expression, subject to the requirements and limits of copyright law. (Legal Information Institute)

5. Business Confidentiality and Intellectual Property Concern

The affected materials include business plans, investor materials, application architecture records, authentication/security workflow records, database files, pitch decks, diagrams, and software-development files. If any person accessed, copied, transmitted, altered, or used these materials without authorization, the incident may involve business-confidentiality, intellectual-property, evidence-preservation, and unauthorized-access concerns.

---

VI. Effect on Me

This incident caused me substantial fear, distress, and depression. I was extremely upset because the affected files are connected to my original software projects, business records, investor materials, and intellectual property. These projects represent years of personal work, technical development, business planning, and documentation.

The incident also interfered with my ability to work, focus, and feel secure using my Apple Mac Mini. Seeing large numbers of files displayed in GitHub Desktop as changed, missing, or altered made me feel that my software projects and business materials were no longer under stable control.

I am especially concerned because the affected repositories include authentication work, MFA work, database files, business plans, architecture materials, and investor-presentation materials. Any unauthorized access to these materials could affect my ability to preserve ownership evidence, continue development, maintain clean repository history, and protect confidential business records.

---

VII. Formal Statement

I, Sarai Hannah Ajai, state that on May 27, 2026, at approximately 3:30 PM, I discovered that approximately 480 files appeared to have been placed into or associated with the Apple Finder Trash folder. These files appeared to include materials from multiple folders, including active software-project folders and GitHub Desktop repositories connected to VaultInbox_0.0.1a and AccouNetrics_IvoteBallot_Prototype_v0.0.5.

After reviewing GitHub Desktop, I observed that VaultInbox_0.0.1a showed 69 changed files and AccouNetrics_IvoteBallot_Prototype_v0.0.5 showed 66 changed files. The screenshots show numerous red minus indicators beside files, consistent with files being missing from the local working directory compared with the repository’s tracked state.

I did not intentionally move these files into the Trash. I did not authorize any person to access, move, copy, delete, alter, mirror, clone, control, or interfere with my Apple Mac Mini, local folders, GitHub Desktop repositories, software projects, database files, project documentation, business plans, investor materials, images, diagrams, or intellectual property records.

I am preserving this report and the uploaded exhibits as a factual record of my observations, my concerns, and the visible repository evidence. I request that this incident be reviewed as suspected unauthorized file interference, suspected repository working-tree interference, suspected digital evidence disruption, and suspected intellectual property interference.

I do not claim technical certainty as to the exact method or person responsible based solely on the screenshots. I request technical review to determine whether the cause involved unauthorized access, remote access, mirroring, cloning, account compromise, cloud synchronization, file-system activity, local user-account activity, Git working-tree changes, Finder Trash activity, or another technical cause.

---

VIII. Uploaded Exhibits / Supporting Evidence

Exhibit A1

File: Exhibit A1 | Screenshot 2026-05-28 at 12.18.44 AM
Description: GitHub Desktop screenshot showing AccouNetrics_IvoteBallot_Prototype_v0.0.5 on the mainbranch with 66 changed files. Numerous visible AccouNetrics and iVoteBallot business, financial, market-analysis, and planning documents appear with red minus indicators.

Exhibit A2

File: Exhibit A2 | Screenshot 2026-05-28 at 12.19.02 AM
Description: GitHub Desktop history view for AccouNetrics_IvoteBallot_Prototype_v0.0.5. The selected prior commit concerns P1 timestamp source verification, UUID authentication regression evidence, and authenticated account navigation follow-up. The exhibit helps show prior repository history and development context.

Exhibit B1

File: Exhibit B1 | Screenshot 2026-05-28 at 12.19.25 AM
Description: GitHub Desktop screenshot showing VaultInbox_0.0.1a on the main branch with 69 changed files. Visible files include VaultInbox business plan materials, ownership-related documents, delivery-comparison documents, MFA diagrams, inbox authentication diagrams, investor documents, and project records.

Exhibit B2

File: Exhibit B2 | Screenshot 2026-05-28 at 12.19.48 AM
Description: GitHub Desktop screenshot showing additional files within the VaultInbox_0.0.1a 69-file change set. Visible files include investor narrative plans, public image assets, README file, routes/mailboxRoutes.js, screenshot evidence, services/certificateService.js, VaultInbox architecture diagrams, and presentation materials.

Exhibit B3

File: Exhibit B3 | Screenshot 2026-05-28 at 12.20.05 AM
Description: GitHub Desktop screenshot showing additional VaultInbox files with red minus indicators, including logo files, branding images, photo-generation images, professional portrait image, pitch pages, investor deck files, pitch deck PDFs, and presentation files.

Exhibit B4

File: Exhibit B4 | Screenshot 2026-05-28 at 12.20.19 AM
Description: GitHub Desktop screenshot showing additional VaultInbox presentation, pitch deck, investor deck, product demo, and workflow-presentation files within the 69-file change set.

Exhibit B5

File: Exhibit B5 | Screenshot 2026-05-28 at 12.21.02 AM
Description: GitHub Desktop history view for VaultInbox_0.0.1a. The selected prior commit concerns People Operations Employee Portal MFA stabilization, stable-key TOTP rebuild, valid browser MFA verification, and deferred session-level MFA gate enforcement. The right panel shows 10 changed files from that prior commit, including database files, MFA route files, and MFA-related scripts.

Additional Uploaded Image

File: image(24).png
Description: Additional uploaded image preserved with the exhibit set. The reporting party may clarify its evidentiary purpose if needed.

---

IX. Preservation Request

I request preservation of all records potentially related to this incident, including but not limited to:

1. Apple Mac Mini file-system metadata.
2. Finder Trash contents and related timestamps.
3. File creation, modification, access, and movement timestamps.
4. GitHub Desktop repository working-tree status.
5. Git commit history and .git metadata for both affected repositories.
6. GitHub Desktop logs, if available.
7. Local macOS user-account login records.
8. macOS unified logs related to file activity, login activity, remote access, sharing, and synchronization.
9. Apple ID access records and device sign-in records available through lawful channels.
10. iCloud Drive synchronization records, if applicable.
11. Any Time Machine or local backup snapshots.
12. Any external drive, cloud-storage, or sync-service records.
13. Network/router logs, if available.
14. GitHub account access logs, if available.
15. Any evidence showing whether files were copied, moved, accessed, altered, deleted, restored, synchronized, or transmitted.
16. Any evidence showing unauthorized remote access, account access, mirroring, cloning, screen-sharing, or file-transfer activity.
17. Any evidence showing access to business plans, investor materials, pitch decks, diagrams, source-code files, database files, route files, service files, images, or architecture records.

---

X. Requested Action

I respectfully request that this report and the attached exhibits be accepted as a preservation-oriented incident record. I request that any appropriate reviewer, service provider, legal counsel, investigator, regulator, or law-enforcement agency treat this matter as a suspected cyber-related incident involving private software-development repositories, local Apple Mac Mini file activity, original business records, and intellectual property materials.

I request review to determine:

1. Whether any unauthorized person accessed my Apple Mac Mini.
2. Whether files were moved into Trash by unauthorized activity.
3. Whether files were copied, transmitted, or accessed before appearing as missing in GitHub Desktop.
4. Whether either GitHub Desktop repository was altered outside my authorization.
5. Whether my GitHub Desktop repositories preserve enough metadata to reconstruct the affected file activity.
6. Whether Apple, GitHub, iCloud, macOS, router, or local system logs can identify the cause.
7. Whether any unauthorized access affected VaultInbox.Cloud, AccouNetrics, iVoteBallot, or related intellectual property records.

---

XI. Certification Statement

I certify that this report is based on my personal observations, my review of Apple Finder, my review of GitHub Desktop, and the uploaded screenshot exhibits. I did not authorize any person to access, copy, move, delete, alter, mirror, clone, control, or interfere with my Apple Mac Mini, project folders, GitHub Desktop repositories, software files, database files, business plans, investor materials, diagrams, presentation materials, or original intellectual property records.

I submit this report to preserve the facts as I observed them and to request further review.

Respectfully submitted,
Sarai Hannah Ajai
Date: May 27, 2026 / May 28, 2026 evidence screenshots
Location: Fargo, North Dakota